ASV: support PHP 7.4 serialized format

Author: mle86

CHANGELOG.md

@@ -1,6 +1,7 @@
 v2.2.0 (2019-11)
 
  * Improved unserialization
+    * Forward-compatibility to shorter PHP7.4 format
     * Re-validate serialized value
     * Tests
 

src/AbstractSerializableValue.php

@@ -44,17 +44,37 @@ public function jsonSerialize()
      * contains a value which is no longer considered valid.
      * That's why this method re-applies the {@see isValid} check.
      *
+     * This method also provides forward compatibility to the new PHP 7.4
+     * `__serialize`/`__unserialize` format we'll implement in v3.
+     * It is only called in a PHP7.3 (or older) environment
+     * as PHP 7.4+ ignores it if an __unserialize method is present.
+     *
      * @internal
      */
     public function __wakeup()
     {
+        if (isset($this->{'0'})) {
+            /* We're running PHP 7.3 or older and this instance was just unserialized
+             * from a serialization created with PHP 7.4+,
+             * which just contains [0 => $value].
+             * Luckily PHP 7.3's unserialize() can sort of handle that:
+             * it will write the value into a magic property called '0'.
+             * We'll just call the constructor (which hasn't happened yet)
+             * to run validation and to set $isSet.  */
+            $inputValue = $this->{'0'};
+            unset($this->{'0'});
+            $this->__construct($inputValue);
+            return;
+        }
+
         /*
-         * The serialization contained both $value and $isSet
+         * We're running PHP 7.3 or older and this instance was just unserialized
+         * from a serialization also created with PHP 7.3 or older.
+         * In this case, the serialization contained both $value and $isSet
          * and there's nothing left to assign.
          * But we'll still run the validation
          * just in case the serialized value is no longer considered valid.
          */
-
         $storedValue = $this->value();
         if (!static::isValid($storedValue)) {
             $storedValue = (is_string($storedValue) || is_int($storedValue) || is_float($storedValue))

test/15-SerializableValueTest.php

@@ -3,6 +3,7 @@
 namespace mle86\Value\Tests;
 
 use mle86\Value\AbstractSerializableValue;
+use mle86\Value\AbstractValue;
 use mle86\Value\InvalidArgumentException;
 use mle86\Value\Tests\Helpers\TestSWrapper6;
 use mle86\Value\Value;
@@ -100,6 +101,10 @@ public function testPhpSerialize(AbstractSerializableValue $tw): string
         $ser = serialize($tw);
         $this->assertNotEmpty($ser);
         return $ser;
+
+        # TODO: if we raise our PHP dependency to 7.4+
+        #  we can assume that $set came directly from the __serialize method;
+        #  that means we can assert that it doesn't contain the $isSet flag.
     }
 
     /**
@@ -147,4 +152,78 @@ public function testSerializedValueValidity()
         unserialize($invalidSerialization);
     }
 
+    /**
+     * Ensures that the future PHP7.4 serialization format
+     * is already accepted (and correctly processed)
+     * by this version of the library.
+     *
+     * @depends testPhpUnserialize
+     * @depends testSerializedValueValidity
+     */
+    public function testUnserializationForwardCompatibility()
+    {
+        $twFqcn            = TestSWrapper6::class;
+        $twFqcnLen         = strlen($twFqcn);
+        $inputValue        = self::VALID_INPUT2;
+        $inputLen          = strlen($inputValue);
+        $invalidInputValue = self::INVALID_INPUT2;
+        $invalidInputLen   = strlen($inputValue);
+
+        $validPhp74Serialization =
+            "O:{$twFqcnLen}:\"{$twFqcn}\":1:{i:0;s:{$inputLen}:\"{$inputValue}\";}";
+        $invalidPhp74Serialization =
+            "O:{$twFqcnLen}:\"{$twFqcn}\":1:{i:0;s:{$invalidInputLen}:\"{$invalidInputValue}\";}";
+
+        /** @var TestSWrapper6 $unserializedObject */
+        $unserializedObject = unserialize($validPhp74Serialization);
+        $this->assertInstanceOf(TestSWrapper6::class, $unserializedObject,
+            "FC Unserialization returned object of wrong class!");
+        $this->assertEquals($inputValue, $unserializedObject->value(),
+            "FC Unserialized object has incorrect value!");
+
+        $this->expectException(InvalidArgumentException::class);
+        unserialize($invalidPhp74Serialization);
+    }
+
+    /**
+     * Ensures that the pre-PHP7.4 serialization format
+     * is still accepted and correctly processed,
+     * even if this library is being used within PHP 7.4+.
+     *
+     * @depends testPhpUnserialize
+     * @depends testSerializedValueValidity
+     */
+    public function testUnserializationBackwardCompatibility()
+    {
+        $twFqcn            = TestSWrapper6::class;
+        $twFqcnLen         = strlen($twFqcn);
+        $valVarName        = "\0" . AbstractValue::class . "\0" . 'value';
+        $valVarLen         = strlen($valVarName);
+        $setVarName        = "\0" . AbstractValue::class . "\0" . 'isSet';
+        $setVarLen         = strlen($valVarName);
+        $inputValue        = self::VALID_INPUT2;
+        $inputLen          = strlen($inputValue);
+        $invalidInputValue = self::INVALID_INPUT2;
+        $invalidInputLen   = strlen($inputValue);
+
+        $validPhp73Serialization =
+            "O:{$twFqcnLen}:\"{$twFqcn}\":2:{".
+            "s:{$valVarLen}:\"{$valVarName}\";s:{$inputLen}:\"{$inputValue}\";".
+            "s:{$setVarLen}:\"{$setVarName}\";b:1;}";
+        $invalidPhp73Serialization =
+            "O:{$twFqcnLen}:\"{$twFqcn}\":2:{".
+            "s:{$valVarLen}:\"{$valVarName}\";s:{$invalidInputLen}:\"{$invalidInputValue}\";".
+            "s:{$setVarLen}:\"{$setVarName}\";b:1;}";
+
+        /** @var TestSWrapper6 $unserializedObject */
+        $unserializedObject = unserialize($validPhp73Serialization);
+        $this->assertInstanceOf(TestSWrapper6::class, $unserializedObject,
+            "BC Unserialization returned object of wrong class!");
+        $this->assertEquals($inputValue, $unserializedObject->value(),
+            "BC Unserialized object has incorrect value!");
+
+        $this->expectException(InvalidArgumentException::class);
+        unserialize($invalidPhp73Serialization);
+    }
+
 }